23 matches found
CVE-2020-7673
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend function (A, B, as, isAargs), located within lib/extend.js, is executed by the eval function, resulting in code execution...
EUVD-2021-1043
Malware in sbrugna...
EUVD-2024-43322
Malicious code in bioql PyPI...
EUVD-2024-53520
Malicious code in bioql PyPI...
EUVD-2022-1091
Malicious code in bioql PyPI...
Prototype Pollution
utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a denial of service (DoS)...
1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2024-57077 via utils-extend (=1.0.8)
utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...
utils-extend Prototype Pollution
The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum...
CVE-2024-57077
The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum...
steal security vulnerability
steal is StealJS's open-source, extensible, general-purpose module loader. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which stems from prototype pollution of the function extend in StealJS via the key variable in babel....
@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)
object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...
Prototype Pollution
Overview: extend2 is a fork of node-extend; the difference is that arrays are overridden as primitives during a deep clone. Affected versions of this package are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. POC: js var e = require "extend2" etrue, ,...
Unspecified vulnerability in js-extend
js-extend is a module for npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
js-extend security vulnerability
js-extend is a module for npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 via utils-extend (=1.0.8)
utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...
1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 +1 more via utils-extend (=1.0.8)
utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...
The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the jQuery.extend() function in the jQuery library allows a hacker to trigger a denial-of-service attack, execute arbitrary JavaScript code, or enhance their privileges.
The vulnerability of the jQuery.extend function in the jQuery library is related to the lack of restrictions on changes to the "__proto__" property when performing the extend operation. Exploiting this vulnerability can allow a malicious actor to cause service failures, execute arbitrary JavaScript...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +710 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)
node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...